-
Notifications
You must be signed in to change notification settings - Fork 14
/
info_system.yaml
217 lines (212 loc) · 6.48 KB
/
info_system.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
# This work is dual-licensed under Creative Commons Zero v1.0 Universal and GNU General Public License v3.0 or later.
# The file containts example code. Replace the values with information that is pertinent to your project.
application_number:
sensitivity: low impact
security_categorization: low
authorizing_official:
internal_personnel:
est_internal_personnel:
external_personnel:
est_external_personnel:
status: Major Modification
other_description:
cloud_deployment: public
hybrid_description:
info_types: # Table 2‑2
-
type: Training Materials
reco_confidentiality: Low
reco_integrity: Low
reco_availability: Low
sel_confidentiality: Low
sel_integrity: Low
sel_availability: Low
impact: Training materials is not classified, or FOUO. Users only have access to the training if the instructor grants access to the Training content. All students are vetted prior to coming to the training class and are granted access control to all training material within his/her course
-
type: Profile Information
reco_confidentiality: Low
reco_integrity: Low
reco_availability: Low
sel_confidentiality: Low
sel_integrity: Low
sel_availability: Low
impact: Users have the option of sharing his/her profile information. Information is considered business rolodex information and doesn’t contain financial information or highly sensitive information. User account information is encrypted with 256 bit encryption using FIPS 140-2 compliant security requirements and requires multi-factor authentication and privileged user access to access user accounts.
leveraged_systems: # Table 9‑4
-
name:
provider_owner:
date:
roles_privileges: # Table 10‑1
- role: AWS Dashboard Administrator
int_ext: Internal
privilege_level: P
sensitivity: Moderate
authorized_privileges: AWS Dashboard access
functions: Add/remove virtual hardware, manage backup and restore server
- role: UNIX System Administrator
int_ext: Internal
privilege_level: P
sensitivity: Moderate
authorized_privileges: Full administrative access (root)
functions: Add/remove system users, install and configure software, OS updates, patches and hotfixes
- role: Site Administrator
int_ext: Internal
privilege_level: P
sensitivity: Limited
authorized_privileges: Full Application Access
functions: Application configuration, external user permissions, and content management
- role: Manager
int_ext: Internal
privilege_level: P
sensitivity: N/A
authorized_privileges: Extended Application Access
functions: Limited user permissions and content management.
- role: Editor
int_ext: Internal
privilege_level: NP
sensitivity: N/A
authorized_privileges: General Users
functions: Create, edit and delete content.
- role: Authenticated User
int_ext: Internal
privilege_level: NP
sensitivity: N/A
authorized_privileges: General Users
functions: View published content and post comments.
roles_perms_additional: >
The Project uses groups for access to most content.
* **Unauthenticated Users** -- _Unauthenticated users_ have limited access to
content on the Project. They can only access content that is marked as
_Public_ and can request membership to _Organizations_ and _Groups_.
* **Authenticated Users** -- Users need to be request access, or be added
to _Groups_.
* **Group Manager** -- _Group Managers_ is responsible for managing the content
and members for a group.
* **Group Members** -- _Group Members_ can access public content as well as
content specific to their groups.
system_function: > # Section 10.1
The Project uses Open Source Software and is a web based social business tool
built on top of a Content Management System (CMS).
components_boundaries: > # Section 10.2
The accreditation boundary includes applications and guest operating
systems that reside on the AWS Infrastructure-as-a-Service (IaaS).
boundary_diagram:
network_diagram:
ports_protocols: # Table 11‑1
- port: 22
protocols: TCP
services: SSH Bastion
purpose: SSH acces to server
used_by: System Administrator
- port: 53
protocols: TCP/UDP
services: AWS DNS
purpose: DNS service within AWS
used_by:
- port: 123
protocols: UDP
services: AWS NTP
purpose: Network time protocol
used_by:
- port: 443
protocols: TCP
services: AWS ELB
purpose: Load balancing
used_by:
- port: 3306
protocols: TCP
services: Amazon RDS
purpose: Database
used_by:
- port: 5044
protocols: TCP/UDP
services: SSH/rsync audit records
purpose: Elasticsearch (from all instances in VPC)
used_by:
- port: 8983
protocols: TCP
services: Solr
purpose: Solr search
used_by:
- port: 443
protocols: TCP
services: CMS
purpose: CMS update
used_by: CMS
- port: 443
protocols: TCP
services: ClamAV
purpose: ClamAV definitions updates
used_by: ClamAV
- port: 443
protocols: TCP
services: BrowseCap
purpose: Determine browser capabilities
used_by: CMS
- port: 443
protocols: TCP
services: GitLab
purpose: Used to pull in code changes via git pull
used_by: CMS
- port: 443
protocols: TCP
services: GitLab docker registry
purpose: Used to pull in docker images
used_by: Audit
- port: 443
protocols: TCP
services: OpsGenie
purpose: AWS CloudWatch pings OpsGenie
used_by: all instances
- port: 443
protocols: TCP
services: yum
purpose: RHEL (AWS mirrors) - Repo Lists
used_by: all instances
- port: 443
protocols: TCP
services: LetsEncrypt
purpose: SSL certificates
used_by: all instances
- port: 25
protocols: TCP
services: AWS SES
purpose: AWS Simple Email Service (from all)
used_by:
- port: 636
protocols: TCP
services: OCSP
purpose: Online Certificate Status Protocol
used_by: CMS
- port: 143
protocols: TCP/UDP
services: IMAP
purpose: Spam report management
used_by: CMS
- port: 993
protocols: TCP/UDP
services: IMAPS
purpose: Spam report management
used_by: CMS
- port: 443
protocols: TCP
services: pip
purpose: Python package management
used_by: Python
interconnections: # Table 12‑1
description:
table:
-
addr_interface:
ext_org_ip:
ext_poc:
connection_sec:
data_direction:
info_transmitted:
port_or_circuit:
standards: # Table 13‑2
-
id:
title:
date:
link: